How to: Upgrade a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager with manual failover¶
Overview¶
This procedure describes on how to upgrade your BIG-IP Next High Availability (HA) instance on a Virtual Edition (VE) using the BIG-IP Next Central Manager with manual failover.
Prerequisites¶
Upgrade the BIG-IP Next instances to the latest version before upgrading BIG-IP Next Central Manager.
For example, if your BIG-IP Next Central Manager is version 20.2.1 and BIG-IP Next instance is version 20.2.1, first upgrade the BIG-IP Next instances from 20.2.1 to version 20.3.0 using the 20.2.1 BIG-IP Next Central Manager, and then upgrade the BIG-IP Next Central Manager from 20.2.1 to 20.3.0 version.
Authenticate with the BIG-IP Next Central Manager API. For details refer to How to: Authenticate with the BIG-IP Next Central Manager API.
Limitations¶
There are limitations on upgrading BIG-IP Next Instance. Refer to the Compatibility Matrix for the User workflow on how to upgrade the BIG-IP Next Central Manager and BIG-IP Next.
Note: It is recommended to upgrade BIG-IP Next before upgrading the BIG-IP Next Central Manager.
Table 1: Compatibility Matrix for BIG-IP Next Central Manager and BIG-IP Next Instance Upgrades
BIG-IP Next Central Manager Release Version | Upgrade BIG-IP Next Version (From) | Upgrade BIG-IP Next Version (To) | Compatible | User Upgrade Workflow |
---|---|---|---|---|
20.1.0 | 20.1.0 | 20.2.0 | Yes | |
20.1.0 | 20.2.1 | No (Follow the workflow mentioned in User upgrade column) |
Follow the sequences below to upgrade:
|
|
20.2.0 | 20.2.1 | No (Follow the workflow mentioned in User upgrade column) |
Follow the below sequences to upgrade
|
|
20.2.0 | 20.1.0 | 20.2.0 | No | |
20.2.0 | 20.2.1 | Yes | ||
20.2.0 | 20.3.0 | Yes | ||
20.2.1 | 20.3.0 | Yes | ||
20.2.1 | 20.2.0 | 20.2.1 | No | |
20.2.1 | 20.3.0 | Yes |
The BIG-IP Next instance do not support downgrading from a higher version to a lower version.
Procedure¶
Use this procedure to upgrade the software for a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager using the manual failover method. For this procedure, you upgrade the standby node first, and then the active node.
To upgrade VE instance using Central Manager GUI:
Note: For information about upgrading a BIG-IP Next HA instance on VE using the auto-failover procedure see Upgrade a BIG-IP Next HA instance on VE from BIG-IP Next Central Manager using the automatic failover method.
Log in to MyF5 Downloads.
Accept the EULA and click Next.
Under Group, select BIG-IP_Next.
Under Product Line, select Virtual Edition.
Under Product Version, choose the appropriate version.
Under Select a download file select the appropriate .tgz file and .sig file (if required).
Under Download locations, select the appropriate location.
Click Download. The file is downloaded to your local system and can take up to an hour because of the size of these files.
Log in to BIG-IP Next Central Manager as admin, click the Workspace icon next to the F5 logo, and click Infrastructure.
Select the checkbox next to the BIG-IP Next HA instance you want to upgrade.
At the top right of the screen, click Actions and select Upgrade.
Disable the toggle button for Enable automatic failover.
For the Standby Node, click the Upgrade button next to the software version.
For the image file, click Upload file and the Browse link to navigate to the location you downloaded the .tgz file.
Click the Open button and then click Upload. This file is large, so uploading can take some time.
For the signature file, click Upload file and the Browse link to navigate to the location you downloaded the .sig file.
Click the Open button and then click Upload.
After the files are uploaded, click the Upgrade button and confirm the upgrade by clicking the Upgrade button on the confirmation message.
When upgrading from version 20.2.0 to 20.2.1, if your BIG-IP Next instance was previously running version 20.1.0, you will be prompted to accept a new certificate for the instance in the BIG-IP Next Central Manager GUI. To proceed with the upgrade, click View and accept the certificate fingerprint.
Note: When upgrading to version 20.2.1, you will not be prompted to accept a new certificate if your BIG-IP Next instance was initially installed with version 20.2.0.
After the standby node upgrade is complete, select the BIG-IP Next HA instance in the Mode column. This will open the HA Parameters panel for that specific instance.
Click the Force Failover button next to HA Nodes.. A confirmation popup displays.
Click the Yes, Failover button. The failover process icon displays.
After the failover process is complete, select the checkbox next to the BIG-IP Next HA instance that you want to upgrade.
At the top right of the screen, click Actions and select Upgrade.
For the Standby Node, click the Upgrade button next to the software version.
Click the Select File buttons and select the .tgz and .sig files from the dropdowns.
Click the Upgrade button and confirm the upgrade by clicking the Upgrade button on the confirmation message.
When upgrading from version 20.2.0 to 20.2.1, if your BIG-IP Next instance was previously running version 20.1.0, you will be prompted to accept a new certificate for the instance in the BIG-IP Next Central Manager GUI. To proceed with the upgrade, click View and accept the certificate fingerprint.
Note: When upgrading to version 20.2.1, you will not be prompted to accept a new certificate if your BIG-IP Next instance was initially installed with version 20.2.0.
Result
After the upgrade process, the BIG-IP Next instance displays with the new version on the My Instances page.
If you plan to backup your instance files, you need to delete the large image files on the BIG-IP Next instance. See How to: Back up managed BIG-IP Next instances to BIG-IP Next Central Manager’s local drive instantly or on a schedule for more information.
To upgrade Instance using Central Manager APIs:
Get Instance details by sending a GET request to
/spaces/default/instances
endpoint. Identify the ID of the instance that you want to upgrade.GET https://{{CM_IP}}/api/v1/spaces/default/instances?filter=address eq '{{bigip_next_mgmt_ip}}'
The VE BIG-IP Next upgrade requires an “image file” and “signature file”. Both files must be downloaded from F5 site and uploaded individually to the instance. When you upload the files they are uploaded to both the nodes (Active and Standby). Therefore, this step should only be executed once per file.
Use the *POST request to upload both the files simultaneously by sending a POST request to
/spaces/default/instances/{remote-Big-IP-Next-ID}/proxy-file-upload:
endpoint using instance_id of the instance you want to upgrade.POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/proxy-file-upload:
For the API form data, use the following example, modifying the values as required.
file_name
File
bigip-next-signature-bundle.tgz.512.sig
name
Text
<signature_filename>
description
Text
big-ip next upgrade signature file
*Note: The image file and signature file name ends with ‘.tgz’ and ‘.tgz.512.sig’ respectively.
Get the uploaded files by sending the GET request to the
/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/files
endpoint using instance_id of the instance you want to upgrade. The image name and signature name is returned in the response.GET https://https://{{CM_IP}}/api/device/v1/proxy/{{remote-Big-IP-Next-ID}}?path=/files
Initiate the instance upgrade by sending the POST request to the
/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgrade
endpoint using instance_id of the instance you want to upgrade.POST https://{{CM_IP}}/api/v1/spaces/default/instances/{{remote-Big-IP-Next-ID}}/upgrade
For the request payload, use the following example, modifying the values as required.
{ "upgrade_type": "ve_autofailover", "image_name": "<bigip_next_image_filename>", "signature_name": "<bigip_next_signature_filename>" }
Get the status for instance upgrade task by sending the GET request to the
/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
endpoint.GET https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
In the response, when the state indicates wait for user input, accept the fingerprint to trust the certificate. Accept the fingerprint by sending a PATCH request to the
/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
endpoint to generate new certificates.PATCH https://{{CM_IP}}/api/v1/spaces/default/instances/upgrade-tasks/{{bigip-next-upgrade-task-id}}
For the request payload, use the following example, modifying the values as required.
{ "is_user_accepted_untrusted_cert": true }
The standby node is upgraded.
For HA instance, initiate the manual failover by sending a POST request to the
/spaces/default/instances/<instance_id>/ha/failover
endpoint.POST https://{{CM}}/api/v1/spaces/default/instances/<instance_id>/ha/failover
This will swap the active and standby nodes. Repeat the instance upgrade step (step 5) to upgrade the current standby node.
Result
After the upgrade process, the BIG-IP Next instance displays with the new version on the My Instances page.